Method for Accessing Information on Object Having Tag, Local Server, Ons Proxy, Program, Tag Creation Method, Device Having Tag Writer, Tag, and Program for Controlling Device Having Tag Writer

ABSTRACT

A method and system for providing access to information on an article to which a tag is coupled. A local server reads the tag containing a virtual ID that includes an encryption of a bit string. The bit string includes an article ID containing a manufacturer ID. The local server is coupled to an ONS server, an ONS proxy server, and a PML server via a network. The local server sends to the ONS proxy server an ONS service request that includes the virtual ID and requests a network address of the PML server. The local server receives, from the ONS server, the network address of the PML server. The local server sends to the PML server, at the network address of the PML server, a PML information request that includes the virtual ID and requests article information. The local server receives, from the PML server, the article information.

DETAILED DESCRIPTION OF THE INVENTION

1. Field of the Invention

The present invention relates generally to information processingtechnology, and more particularly to a method for accessing informationon article with a tag attached thereon, a local server, an ONS proxy, aprogram, a tag creation method, a tag writer, a tag and a program forcontrolling an apparatus including a tag writer.

2. Background Art

In order to promote the efficiency of article circulation and the spreadof article quality control by use of RFID (Radio FrequencyIdentification) tag, EPCglobal, a standardization group, has establishedthe specifications (shown in FIG. 17) of EPC code that includes versioninformation (VER) indicating tag data bit assignment, manufacturer ID(MID), product ID (PID) and product serial number (SNO) (refer tonon-patent document 1).

Also, the standardization group, EPCglobal has proposed a framework(shown in FIG. 16) for accessing information on article with an RFID tagin which an EPC code is stored attached thereon. According to theframework, a local server 103 acquires an EPC code serving as article IDfrom data that is stored in an RFID tag 101 received via a tag reader102. Subsequently, by use of the EPC code, the local server 103 requeststhe network address of a PML server 107 recording information on articlewith an RFID tag attached thereon via a network 104 from an ONS server105. Then, by use of the EPC code and the network address of the PMLserver 107 acquired from the ONS server 105, the local server 103accesses the information on article with the tag attached thereon, whichis stored in the PML server 107.

Data recorded onto an RFID tag can generally be read with an RFID tagreader of any type. Consequently, an EPC code recorded onto an RFID tagattached to an article worn by an individual may be read with a tagreader installed in a public space. Concerned about the privacy problemthat an article worn by an individual may be grasped by anyone else,consumer groups have staged boycott movements against articles with anRFID tag, interfering with promotion of the efficiency of articlecirculation and the spread of article quality control by use of RFIDtag.

As a method for coping with the privacy problem regarding RFID tag,there has been proposed Kill-Command for halting the function of RFIDtag at the time when the article is bought by a consumer (refer tonon-patent document 2). As another method, there has been proposed afunction such that a blocker tag, which interferes with tag readers,blocks other tag data from being read (refer to non-patent document 3).As still another method for coping with the privacy problem, there hasbeen proposed a method in which whenever data recorded onto an RFID tagis read, the data contents are rewritten with an external tag writer orby the tag itself (refer to non-patent documents 4 and 5).

[Non-patent document 1] Bud Babcock et al, “EPC Tag Data StandardsVersion 1.1 Rev. 1. 24,” EPCglobal, Apr. 1, 2004

[Non-patent document 2] Auto-ID centre, “860-960 MHz Class I RadioFrequency Identification Tag Radio Frequency & Logical CommunicationInterface Specification Proposed Recommendation, Version 1. 0.0,”Technical Report MIT-Auto ID=TR007, 2002

[Non-patent document 3] A. Juels et al, “The Blocker Tag: SelectiveBlocking of RFID Tags for Consumer Privacy,” MIT RFID Privacy Summit,2003

[Non-patent document 4] M. Ohkubo et al, “Cryptographic Approach to aPrivacy Friendly Tag,” MIT RFID Privacy Workshop, 2003

[Non-patent document 5] S. Weis, “Security and Privacy inRadio-Frequency Identification: Security Risks and Challenges,” RSACryptobytes, Vol. 6, No. 1, 2003

DISCLOSURE OF THE INVENTION Problems to be Solved by the Invention

The above described methods for coping with the privacy problem willsacrifice traceability that is the main object of introducing RFID tag,and/or will involve increased cost associated with introducingadditional hardware mechanism.

An objective of the invention is to provide a method for accessinginformation on an article with a tag attached thereon, the method makingit possible to prevent information on article worn by an individual frombeing grasped with a tag reader installed in a public space, withoutsacrificing traceability and without involving much increase in cost, alocal server, an ONS proxy, a program, a tag creation method, a tagwriter and a tag writer control program.

The above object can be achieved by combinations of the featuresdescribed in the independent claims. The dependent claims defineadditional advantageous embodiments of the invention.

SUMMARY OF THE INVENTION

According to a first aspect of the invention, in a network systemincluding a local server, an ONS proxy, an ONS server and at least onePML server, there is provided a method for providing access toinformation on an article associated with a tag, comprising the stepsof: reading, by the local server, at least one encrypted virtual IDincluded in a tag; sending an ONS service request including the virtualID from the local server to the ONS proxy; acquiring, by the ONS proxy,an article ID by decrypting the virtual ID by use of a key K;generating, by the ONS proxy, based on the article ID, a network addressrequest for acquiring the network address of a PML server in which theinformation on article associated with the tag is stored, to send therequest to the ONS server; receiving, by the local server, the networkaddress of a PML server which the ONS server has returned in response tothe network address request; sending, by the local server, based on thenetwork address of a PML server, a PML service request including thevirtual ID to the PML server; and providing, by the PML server, accessto the information on article associated with the tag, which has beenspecified with the article ID acquired by decrypting the virtual ID byuse of the key K, for the local server.

The first embodiment of the invention can be perceived as a networksystem, a local server, an ONS proxy, a program, a storage medium inwhich the program is stored, or as other program products.

According to a second aspect of the invention, there is provided amethod for making, by using a tag writer, a tag including a virtual IDwith a length of N bits is stored, the method comprising the steps of:storing an article ID with a length of (N−r) bits in a storage device;generating a random number R of r bits; generating a bit string with alength of N bits by distributing digits of the random number R of r bitswithin the bit string of the article ID with a length of (N−r) bits;generating a virtual ID with a length of N bits by encrypting the bitstring with a length of N bits in a manner that decryption of theencrypted bit string with a key K stored in the ONS proxy and the PMLserver is possible; and writing the virtual ID with a length of N bitsto a tag by use of a tag writer.

The second embodiment of the invention can be perceived as an apparatusincluding a tag writer, a tag itself, a program for controlling anapparatus including a tag writer, a recording medium in which theprogram is stored, or as other program products.

In the above described outlines of the invention, all essential featuresof the invention are not listed. Subcombinations of these feature groupscan also become an invention.

PREFERRED EMBODIMENT

The invention will now be described through embodiments of theinvention. The embodiments described below, however, does not limit theinvention according to the claims, and not all the combinations of thefeatures described in the embodiments are essential as the means of theinvention for solving the problems.

Embodiment 1

FIG. 1 is a high-level schematic diagram showing a network system 100according to a first embodiment of the invention. The network system 100includes a local server 103, an ONS server 105, an ONS proxy 106 and aPML server 107 being communicatable with each other via a network 104.

(Hardware Configuration)

FIG. 2 is an external view of a first exemplary RFID tag 101 beingusable in the first embodiment of the invention. FIG. 3 is an externalview of a second exemplary RFID tag 101 being usable in the firstembodiment of the invention. FIG. 4 is an external view of an exemplaryRFID tag reader/writer 102 being usable in the first embodiment of theinvention.

According to the first embodiment, the RFID tag 101 includes an IC chip201 or 301 and an antenna 202 or 302, each of the IC chips 201 and 301including a logic circuit and a memory. The RFID tag 101 has a functionof the logic circuit performing reading/writing from/to the memory basedon the contents of communication with the RFID tag reader/writer 102 viathe antenna 202 or 302. The first exemplary RFID tag 101 performs thecommunication with the RFID tag reader/writer 102 throughelectromagnetic induction. The second exemplary RFID tag 101 performsthe communication with the RFID tag reader/writer 102 through microwave.Based on the standard specifications or the like, a person skilled inthe art can arbitrarily design, manufacture or obtain the abovedescribed RFID tag 101 and RFID tag reader/writer 102, and hencedetailed description thereof is omitted in the present specifications.

FIG. 5 is a diagram showing an exemplary hardware configuration of acomputer that appropriately functions as the local server 103, ONSserver 105, ONS proxy 106 or PML server 107 in the first embodiment ofthe invention. The computer apparatus includes a central processing unit(CPU) 1 and a main memory 4. The CPU 1 and main memory 4 are connectedvia a bus 2 to a hard disk device 13 serving as an auxiliary storageunit. Also, removal storages (external storage systems with exchangeablerecording medium) including a flexible disk unit 20, a MO unit 28 andCD-ROM units 26 and 29 are connected to the bus 2 via a flexible diskcontroller 19, an IDE controller 25, a SCSI controller 27 and the like,which are related to the removal storages, respectively.

Storage media such as flexible disk, MO and CD-ROM are inserted intoremoval storages such as the flexible disk unit 20, MO unit 28 andCD-ROM units 26 and 29, respectively. On the flexible disk and the like,hard disk device 13 and ROM 14, there can be recorded computer programcodes for giving instructions to the CPU, etc. in conjunction withoperating system to implement the invention. In order to execute thecomputer program, it is loaded into the main memory 4. The computerprogram can be compressed, and can also be divided to be recorded onplural media.

Further, the computer apparatus can include as user interface hardware apointing device 7 such as a mouse, a keyboard 6 and a display 12 forproviding visual data for the user. Also, a printer (not shown) can beconnected via a parallel port 16, and a modem (not shown) can beconnected via a serial port 15. The computer apparatus can communicatewith another computer or the like through connection with a network viathe serial port 15 and modem or via a communication adapter 18(Ethernet® card or token ring card) or the like.

A loudspeaker 23 receives via an amplifier 22 audio signals obtained byperforming D/A conversion (digital/analog conversion) by an audiocontroller 21, and outputs sounds. The audio controller 21 A/D converts(analog/digital converts) audio information received from a microphone24, thus making it possible to capture audio information from outsidethe system into the system.

According to the above description, it will be easily understood thatthe computer apparatus according to the embodiment of the invention canbe implemented by an information processing apparatus such as mainframe,workstation, ordinary personal computer (PC) or by a combination ofthese apparatuses. It is noted that these components are shown as anexample and all the components are not essential for the invention.

Particularly, among the hardware components described above, even whenremoval storages such as flexible disk unit 20, MO unit 28 and CD-ROMunits 26 and 29, parallel port 16, printer, serial port 15, modem,communication adapter 18, loudspeaker 23, audio controller 21, amplifier22, microphone 24, etc. are removed, the embodiment of the invention isimplementable. Thus, the above components may not be included in thecomputer apparatus according to the embodiment of the invention.

Various modifications such as distributing the function of each hardwarecomponent of the computer apparatus used to implement the invention to acombination of plural machines for implementation can be easilyconceived by those skilled in the art. Of course, these modificationsare concepts that can be included in the technical scope of theinvention.

The computer apparatus can employ, as operating system, Window®operating system provided by Microsoft corp., AIX provided byInternational Business Machines Corp., MacOS provided by Apple Computer,Inc. or Linux or the like that supports GUI multi-window environment.The computer apparatus can also employ, as operating system, PC-DOSprovided by International Business Machines Corp. or one withcharacter-based environment such as MS-DOS provided by Microsoft corp.Also, the server 300 can employ OS Open provided by InternationalBusiness Machines Corp., a real time OS such as Vx Works of Wind RiverSystems, Inc. or an operating system incorporated into a networkcomputer such as Java (R) OS.

It can be understood from the above description that the computerapparatus is not limited to a particular operating system environment.Of course, the local server 103, ONS server 105, ONS proxy 106 or PMLserver 107 can be operated under a different operating systemenvironment from each other.

The network 104 is a communication path that connects the local server103, ONS server 105, ONS proxy 106 and PML server 107; it can beimplemented by the Internet, for example. As is commonly known, thenetwork 104 being the Internet performs connection between systems byuse of TCP/IP (Transmission Control Protocol/Internet Protocol). In thenetwork 104, mutually communicating systems are specified by use of IPaddress represented by global address or local address.

(Functional Block Configuration)

FIG. 6 is a functional block diagram of a network system according tothe first embodiment of the invention. According to the embodiment ofthe invention, the local server 103 includes a tag reader/writercontroller 1031, an ONS resolver 1032 and a PML requester 1033. Thelocal server 103 is connected to the tag reader 102 capable of readingdata recorded on the RFID tag 101. In order to acquire a virtual ID tobe described later, the tag reader/writer controller 1031 acquires datarecorded on the RFID tag by controlling the tag reader/writer 102.

In order to acquire the network address (IP address in this embodiment)of the PML server 107, the ONS resolver 1032 sends a network addressrequest including the virtual ID (VID) acquired by the tag reader/writercontroller 1031 to the network and obtains the network address of thePML server 107.

The PML requester 1033 accesses, by use of the network address of thePML server 107 which is obtained by the ONS resolver 1032 and thevirtual ID, information (hereinafter referred to as PML information) onan article having an RFID tag attached thereon and being associated withthe RFID tag, which information is recorded on the PML server 107.

On the ONS proxy 106, there is securely recorded a common key (K) 1061.In response to the request including the virtual ID from the ONSresolver 1032 of the local server 103, the ONS proxy 106 decrypts thevirtual ID by use of the common key 1061 to acquire an article ID. Then,in order to generate a network address request to request the networkaddress of the PML server which provides access to the information onarticle associated with the article ID, the ONS proxy 106 extracts amanufacturer ID (MID) from the article ID. The ONS proxy sends thenetwork address request in which the extracted MID is included to theONS server 105.

The ONS server 105 is constructed according to the specifications basedon DNS server established by the standardization group, EPCGlobal. Onthe ONS server 105, there is recorded data to associate eachmanufacturer ID (MID) with the network address of a PML server 107managed by a manufacturer indicated by the manufacturer ID. According tothe first embodiment, in response to the network address requestincluding the MID, the ONS server 105 returns the network address of thePML server 107 that provides access to the information on articleassociated with the article ID.

The PML server 107 includes a PML manager 1071 and a PML database 1072that records PML information corresponding to each article ID. Also, onthe PML server 107, there is securely recorded a common key (K) 1073.According to the embodiment, in response to the PML information requestfrom the local server 103, the PML manager 1071 decrypts the virtual IDincluded in the PML information request by use of the common key (K)1073 to acquire the article ID. Then, the PML manager 1071 identifiesPML information corresponding to the article ID from the PML database1072 and provides it for the local server 103.

(Generation of Tag Data Including Virtual ID)

FIG. 7 is a first exemplary data structure of data recorded on an RFIDtag 101 according to the first embodiment of the invention. According tothe specifications established by the standardization group, EPCGlobal,by use of version number (VER) 701 of 8 bits, the data contents assignedto the remaining 88 bits can be defined. In the first example, in theremaining 88 bits, there is stored one virtual ID (VID) 702 generatedbased on article ID; in version number 701, there is stored a bit stringindicating employment of such data structure.

FIG. 8 is a second exemplary data structure of data recorded on an RFIDtag 101 according to the first embodiment of the invention. In thesecond example, in the remaining 88 bits, there are stored the firstvirtual ID (VID-1) 802 of 52 bits generated from manufacturer ID (MID)and product ID (PID) each included in article ID and the second virtualID (VID-2) 803 of 36 bits generated from serial number (SNO) included inarticle ID; in version number (VER) 801, there is stored a bit stringindicating employment of such data structure.

According to the embodiment, virtual ID is generated by applying anappropriate encryption process to article ID. Article ID can becalculated by applying an appropriate decryption process to virtual ID.Also, according to the embodiment of the invention, for the purpose ofprotecting privacy, virtual ID preferably fulfills a condition, i.e.Indistiguishable, in which even when mapping with respect to a pair of agiven article ID and virtual ID is known, mapping with respect toanother virtual ID can not be known. If the above describedIndistiguishable is fulfilled, for example, even when the user makespublic the retrieval result of a virtual ID, the user can know only themapping of the above virtual ID and article ID and can not know anymapping with respect to another virtual ID. According to the firstembodiment, to meet the above described requirement, a bit string of avirtual ID is generated according to the following method.

FIG. 10 is a flowchart showing an exemplary flow of a method forgenerating a virtual ID according to the first embodiment of theinvention.

The process starts with step 1001, and an article ID is acquired (step1002). Here, if a correspondence between article ID and virtual ID isone-one, Indistiguishable can not be fulfilled. Thus, in order toassociate one article ID with plural virtual IDs, the number of bits ofarticle ID is smaller that that of virtual ID, as shown in FIG. 9.According to the embodiment, in order to associate one article ID withvirtual IDs on the order of 220, when a virtual ID of 88 bits isgenerated, an article ID of 68 bits consisting of MID 901 of 24 bits,PID 902 of 20 bits and SNO 903 of 24 bits is employed. Subsequently, arandom number R of 20 bits is generated (step 1003) and then digits ofthe random number R is distributed within the article ID (step 1004)according to an “All-or-Nothing Transformation (AONT)” algorism, andthen the article ID is encrypted with the key K in a manner thatdecryption with the common key stored in the ONS proxy and PML server ispossible (step 1005).

The above process is expressed by the following formula, where knownblock cipher OFB mode such as DES can be employed as encryption functionE, and K is a key of DES, and IV is the initial vector.VID=E _(K,IV)(AONT(MID∥PID∥SNO,R))

In AONT algorism, the random number effect of the random number R isdistributed over the entire cipher text, whereby when any single bit ofthe cipher text is lost, the cipher text can not be decrypted into aclear text. For example, OAEP known as cipher padding of RSA is one ofthe methods for implementing AONT. According to the embodiment, as AONTfunction used in step 1004, there is employed OAEP to be described belowin detail.

FIG. 11 is a flowchart showing OAEP algorism used to generate a virtualID according to the first embodiment of the invention.

The process starts with step 1101. First the random number R generatedin step 1003 is hashed by a hash function F ( ) that outputs a hashvalue of 68 bits to obtain F(R) (step 1102), and then there is generatedX being an exclusive OR between the article ID of 68 bits and the F(R)(step 1103). Further, X is hashed by a hash function G( ) that outputs ahash value of 20 bits to generate G(X) (step 1104), and then there isgenerated Y being an exclusive OR between the random number R of 20 bitsand G(X) (step 1105). Finally, X and Y are joined (step 1106). Byexecuting the above steps, there is generated a bit string Z with alength of 88 bits to be encrypted in step 1005, thereby finishing theprocess (step 1107). The above described process is expressed by thefollowing formulas.X=XOR(MID∥PID∥SNO,F(R)Y=XOR(R,G(X))Z=X∥Y

Taking into consideration the first exemplary data structure of datarecorded on RFID tag, the method for generating a virtual ID wasdescribed above. However, it will be easily understood by those skilledin the art that also in the second example, by use of a similar method,VID-1 is generated by applying a random number of 8 bits to one part (44bits) of the article ID consisting of MID (24 bits) and PID (20 bits),and VID-2 is generated by applying a random number of 12 bits to SNOpart (24 bits) of the article ID.

By executing the above described steps, a virtual ID of 88 bits isobtained, and the process for the first example is finished (step 1006).The virtual ID generated by the above described method is written intothe RFID tag 101 together with the version number by use of the tagwriter 102.

(Method for Accessing Information on Article with a Tag AttachedThereon)

FIG. 12 is a flowchart showing an exemplary flow of a method foraccessing PML information according to the first embodiment of theinvention.

The process starts with step 1201, and the tag reader 102 reads tag datafrom the RFID tag 101. The read tag data is given to the local server103 (step 1202). The local server 103 generates a request having“VID.VER.onsroot.org” including virtual ID (VID) and version number(VER) as target URL (Uniform Resource Locator) and sends it to the ONSserver 105 (step 1203).

When receiving the request sent from the local server 103 in step 1203,the ONS server returns, in response that version information (VER)indicating that virtual ID is included in the tag is included in therequest, the IP address of the ONS proxy 106 to the local server 103.Then, by use of the IP address of the ONS proxy 106, the local server103 returns an ONS service request including VID to the ONS proxy (step1204).

When receiving the ONS service request, the ONS proxy 106 decrypts theVID included in the request by use of the common key 1061 which the ONSproxy 106 holds to obtain an article ID (step 1205), and then extractsmanufacturer ID (MID) included in the article ID to return a requesthaving “MID.onsroot.org” including the MID as target URL to the ONSserver 105 (step 1206). The ONS server 105 identifies the IP address ofthe PML server from the MID included in the request and returns it tothe local server 103 (step 1207).

By use of the IP address of the PML server 107, the local server 103sends a PML service request including VID to the PML server 107 (step1208). By use of the common key 1073, the PML server 107 decrypts theVID included in the received PML service request to obtain an articleID. By use of the article ID, the PML server 107 identifies PMLinformation to be provided and provides it for the local server 103(step 1209), thereby finishing the process (step 1210). According to theembodiment, by executing the above described steps, the local server 103can access the PML information stored in the PML database of the PMLserver 107.

Embodiment 2

FIG. 13 is a high-level schematic diagram showing a network systemaccording to a second embodiment of the invention. According to thesecond embodiment of the invention, the network system 100 includeslocal servers 103 a to 103 c, an ONS server 105, an ONS proxy 106 and aPML servers 107 a to 107 c, which are communicatable with each other viaa network 104.

It should be noted that according to the second embodiment of theinvention, the network system includes a plurality of local servers eachwith a tag reader/writer connected thereto and a plurality of PMLservers. In explaining the second embodiment of the invention, tagreader/writers 102 a to 102 c, local servers 103 a to 103 c and PMLservers 107 a to 107 c are often generically referred to as tagreader/writer 102, local server 103 and PML server 107, respectively.

(Hardware Configuration)

According to the second embodiment of the invention, RFID tag 101, tagreader/writer 102, local server 103, network 104, ONS server 105, ONSproxy 106 and PML server 107 can be realized with hardware similar tothat of the first embodiment. Thus, regarding the second embodiment, thedescription of hardware configuration of each component is omitted.

(Functional Block Configuration)

FIG. 14 is a functional block diagram of a network system according tothe second embodiment of the invention. According to the secondembodiment of the invention, similarly to the first embodiment, thelocal server 103 includes a tag reader/writer controller 1031, an ONSresolver 1032 and a PML requester 1033. Also, according to the secondembodiment, the local server 103 includes an authentication mechanism1034. The authentication mechanism 1034 performs authentication with theONS proxy 106 and stores a credential obtained as a result ofauthentication. The credential stored in the authentication mechanism1034 is used by the PML server 107 determining, in response that a PMLinformation request is received from PML requester 1033, whether or notaccess to recorded PML information is permissible.

According to the second embodiment, a different security level is givento each of the local servers 103 a to 103 c (or tag readers/writers 102a to 102 c). Specifically, assume that: with the connected tagreader/writer 102 a installed in a public space, the local server 103 ais anon-secure one with no credential given thereto; with the connectedtag reader/writer 102 b installed in an ordinary retail shop, the localserver 103 b is a low-level secure one with a low-level credential giventhereto; and with the connected tag reader/writer 102 c managed by themanufacturer of article with a tag attached thereon, the local server103 c is a high-level secure one with a high-level credential giventhereto.

Similarly to the first embodiment, on the ONS proxy 106, there issecurely recorded a common key (K) 1061. According to the secondembodiment, the ONS proxy 106 further includes an authenticationmechanism 1062, and supplies a credential in accordance withauthentication level to the local server 103 in response thatauthentication is properly performed with the authentication mechanism1034 of the local server 103. The ONS proxy 106 according to the secondembodiment has a function of requesting the network address of adifferent PML server 107 from the ONS server 105 based on a result ofauthentication performed with the local server 103.

The ONS server 105, which can be realized by a configuration similar tothat of the first embodiment, has a function of sending back the networkaddress of a PML server 107 in response to a request.

According to the first embodiment, the PML server 107 includes a PMLmanager 1071, a PML database 1072 and a securely recorded common key (K)1073. According to the second embodiment, the PML server 107 furtherincludes an authentication mechanism 1074. The authentication mechanism1074 has a function of determining, according to a credential that alocal server 103 requesting PML information holds, whether or not accessto PML information recorded on the PML database 1072 is permissible.

FIG. 15 is a flowchart showing an exemplary flow of a method foraccessing PML information according to the second embodiment.

The process starts with step 1501. The tag reader 102 reads tag dataincluding at least one virtual ID (VID) from the RFID tag 101. VID canbe generated by a method similar to one which was described regardingthe first embodiment.

The read tag data is given to the local server 103 (step 1502). Thelocal server 103 generates a request having “VID.VER.onsroot.org”including virtual ID (VID) and version number (VER) as target URL(Uniform Resource Locator) and sends it to the ONS server 105 (step1503).

When receiving the request sent from the local server 103 in step 1503,the ONS server 105 returns the IP address of the ONS proxy 106 to thelocal server 103 based on the request. Then, by use of the IP address ofthe ONS proxy 106, the local server 103 sends an ONS service requestincluding VID to the ONS proxy 106 (step 1504).

The above described steps are similar to those in the first embodiment.Subsequently, according to the second embodiment, the ONS proxy 106performs authentication with the local server 103 which sent the ONSservice request (step 1505). If authentication fails in step 1505, thenthe flow proceeds from step 1506 through arrow No to step 1508 withoutissuing any credential. In the second embodiment, assume that theauthentication between the non-secure local server 103 a and ONS proxy105 fails, thus issuing no credential.

If the authentication is properly performed in step 1505, then the flowproceeds from step 1506 to arrow Yes, and authentication level isdetermined. Those skilled in the art can appropriately design andimplement a method for determining authentication level. For example,authentication level can be determined by the IP address of localserver, the ID of tag reader/writer or the like, which are preliminarilyregistered. Then, a credential corresponding to the determinedauthentication level is issued to the local server 103 (step 1507).

In the second embodiment, assume that: low-level authentication isproperly performed with respect to the local server 103 b withlow-security level given thereto, whereby a low-level credential isissued; high-level authentication is properly performed with respect tothe local server 103 c with high-security level given thereto, whereby ahigh-level credential is issued.

Subsequently, the ONS proxy 106 decrypts VID included in the request byuse of common key (K) 1061 to obtain an article ID (step 1508), andextracts manufacturer ID (MID) included in the article ID to send arequest having “MID.onsroot.org” including the MID as target URL to theONS server 105 (step 1509). According to the second embodiment, the ONSproxy 106 generates a different target URL based on a result ofauthentication of step 1506.

Specifically, the ONS proxy 106 generates “MID.non_secure.onsroot.org”with respect to the local server 103 a for which authentication hasfailed, and generates “MID.low_secure.onsroot.org” with respect to thelocal server 103 b for which low-level authentication has been properlyperformed, and generates “MID.high_secure.onsroot.org” with respect tothe local server 103 c for which high-level authentication has beenproperly performed.

When receiving the request, the ONS server 105 identifies the IP addressof an appropriate PML server 107 from the MID and security levelincluded in the request and returns it to the local server 103 (step1510). It should be noted that the returned IP address can changeaccording to the contents of target URL.

Specifically, according to the second embodiment, the ONS server 105returns the IP address of PML server 107 a to the local server 103 a,and returns the IP address of PML server 107 b to the local server 103b, and returns the IP address of PML server 107 c to the local server103 c.

By use of the acquired IP address of PML server 107, the local server103 sends a PML service request including VID to the PML server 107(step 1511). When receiving the PML service request, the PML server 107firstly determines whether or not the server itself is a secure site(step 1512).

If it is determined in step 1512 that the PML server 107 is not a securesite, then the flow proceeds through arrow No to step 1514 because thePML information stored in the above PML server 107 is accessible byanyone. If it is determined in step 1512 that the PML server 107 is asecure site, then the PML server 107 certifies, by use of authenticationmechanism 1074 whether or not the local server 103 which has sent thePML service request holds an appropriate credential (step 1513).

If the authentication mechanism 1074 of PML server 107 determines instep 1513 that the local server 103 holds an appropriate credential, theflow proceeds through arrow Yes to step 1514. In step 1514, the PMLserver 107 decrypts VID included in the PML service request by use ofthe common key (K) 1073 to obtain an article ID. By use of the articleID, the PML server 107 identifies PML information to be provided, andthen provides it for the local server 103, thereby finishing the process(step 1516).

If the authentication mechanism 1074 of PML server 107 determines instep 1513 that the local server 103 does not holds an appropriatecredential, then the flow proceeds through arrow No to step 1515, andthe PML server 107 rejects access to PML information by the local server103 (step 1515), thereby finishing the process (step 1516).

The previous description is of preferred examples for implementing theinvention, and the technical scope of the invention should not berestrictively interpreted by the description of the embodiment but bedefined by the claims. Those skilled in the art will recognize that manychanges or modifications to the embodiments described above arepossible. For example, while the above embodiments are described underan assumption that encryption and decryption of virtual ID are performedwith a secret key cryptography using a common key, encryption anddecryption of virtual ID may of course be performed with a public keycryptography using a pair of secret key and public key. Further, forexample, while ONS proxy and ONS server is constructed as separatehardware in the above described embodiments, the functions of ONS proxyand ONS server may be implemented by the same hardware. Specifically,those skilled in the art can easily and properly design the hardwarearrangement and implementation of servers, functional blocks, programmodules and the like each described above in the embodiments. It will beapparent from the description of the claims that an embodiment with suchchanges or modifications applied thereto can also be included in thetechnical scope of the invention.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a high-level schematic diagram showing a network systemaccording to a first embodiment of the invention;

FIG. 2 is an external view of a first exemplary RFID tag being usable inthe first embodiment of the invention;

FIG. 3 is an external view of a second exemplary RFID tag being usablein the first embodiment of the invention;

FIG. 4 is an external view of an exemplary tag reader/writer beingusable in the first embodiment of the invention;

FIG. 5 is a diagram showing an exemplary hardware configuration of acomputer apparatus that functions as a local server, etc. in the firstembodiment of the invention;

FIG. 6 is a functional block diagram of the network system according tothe first embodiment of the invention;

FIG. 7 is an image of a first exemplary data structure of data stored inRFID tag according to the first embodiment of the invention;

FIG. 8 is an image of a second exemplary data structure of data storedin RFID tag according to the first embodiment of the invention;

FIG. 9 is an image of data structure of an article ID according to thefirst embodiment of the invention;

FIG. 10 is a flowchart showing an exemplary flow of a method forgenerating a virtual ID according to the first embodiment of theinvention;

FIG. 11 is a flowchart showing OAEP algorism used to generate a virtualID according to the first embodiment of the invention;

FIG. 12 is a flowchart showing an exemplary flow of a method foraccessing PML information according to the first embodiment of theinvention;

FIG. 13 is a high-level schematic diagram showing a network systemaccording to a second embodiment of the invention;

FIG. 14 is a functional block diagram of the network system according tothe second embodiment of the invention;

FIG. 15 is a flowchart showing an exemplary flow of a method foraccessing PML information according to the second embodiment of theinvention;

FIG. 16 is an overall image of a network system according to prior art;and

FIG. 17 is an image of data structure of data stored in RFID tagaccording to prior art.

DESCRIPTION OF SYMBOLS

-   101 . . . RFID tag-   102 . . . Tag reader/writer-   103 . . . Local server-   104 . . . Internet-   105 . . . ONS server-   106 . . . ONS proxy-   107 . . . PML server-   201, 301 . . . IC chip-   202, 302 . . . Antenna

1-23. (canceled)
 24. A method for providing access to information on anarticle to which a tag is coupled, said method comprising: reading, by alocal server, the tag, wherein the tag comprises at least one virtualidentifier (ID), wherein the at least one virtual ID comprises anencryption of at least one bit string, wherein the at least one bitstring includes an article ID that identifies the article, wherein thearticle ID includes a manufacturer ID pertaining to the article, andwherein the local server, an Object Naming Service (ONS) server, an ONSproxy server, and a Physical Markup Language (PML) server arecommunicatively coupled to each other via a network; after said readingthe at least one virtual ID, sending, by the local server to the ONSproxy server, an ONS service request that includes the at least onevirtual ID and requests a network address of the PML server, wherein theONS proxy server is configured to determine the article ID by decryptingthe at least one virtual ID, to extract the manufacturer ID from thearticle ID, and to transmit the manufacturer ID to the ONS server, andwherein the ONS server is configured to determine the network address ofthe PML server based on the manufacturer ID; after said sending the ONSservice request, receiving, by the local server from the ONS server, thenetwork address of the PML server; sending, by the local server to thePML server at the network address of the PML server received from theONS server, a PML information request that includes the virtual ID andrequests article information pertaining to the article, wherein the PMLserver is configured to determine the article ID by decrypting the atleast one virtual ID, to identify the article information based on thearticle ID, to retrieve the identified article information from adatabase, and to transmit the retrieved article information to the localserver; and after said sending the PML information request, receiving,by the local server from the PML server, the article information. 25.The method of claim 24, wherein the at least one bit string includes atleast one random number distributed within the article ID.
 26. Themethod of claim 25, wherein the at least one virtual ID consists of afirst virtual ID, wherein the at least one bit string consists of afirst bit string (Z), wherein the first virtual ID is an encryption ofthe first bit string, wherein the at least one random number consists ofa first random number (R), wherein F(R) denotes a hash of R, wherein RIDdenotes the articles ID, wherein X denotes an exclusive OR between RIDand F(R), wherein G(X) denotes a hash of X, wherein Y denotes anexclusive OR between R and G(X), and wherein Z is X and Y joinedtogether.
 27. The method of claim 25, wherein the at least one virtualID consists of a first virtual ID and a second virtual ID, wherein theat least one bit string consists of a first bit string and a second bitstring, wherein the first virtual ID is an encryption of the first bitstring, wherein the second virtual ID is an encryption of the second bitstring, wherein the at least one random number consists of a firstrandom number and a second random number, wherein the article IDconsists of the manufacturer ID, a product ID, and a serial number ID,wherein the first bit string consists of the first random numberdistributed within one part of the article ID consisting of themanufacturer ID and the product ID, and wherein the second bit stringconsists of the second random number distributed within the serialnumber ID.
 28. The method of claim 24, wherein the tag further comprisesa version number indicating that the tag comprises the at least onevirtual ID, and wherein the method further comprises: sending, by thelocal server to the ONS server after said reading the at least onevirtual ID, an ONS proxy address request that includes the at least onevirtual ID and the version number and requests an Internet Protocol (IP)address of the ONS proxy server; and after said sending the ONS proxyaddress request and before said sending the ONS service request,receiving, by the local server from the ONS server, the IP address ofthe ONS proxy server, wherein said sending the ONS service requestcomprises sending the ONS service request to the ONS proxy server at thereceived IP address of the ONS proxy server.
 29. The method of claim 24,wherein the method further comprises: receiving, by ONS proxy server,the ONS service request sent by the local server; and processing, by theONS proxy server, the received ONS service request, wherein saidprocessing the ONS service request comprises: determining the article IDby decrypting the at least one virtual ID through use of a key K;extracting the manufacturer ID from the article ID; and transmitting themanufacturer ID to the ONS server.
 30. The method of claim 29, whereinthe method further comprises: receiving, by the ONS server, themanufacturer ID transmitted by the ONS proxy server; and determining bythe ONS server, the network address of the PML server based on themanufacturer ID.
 31. The method of claim 30, wherein the method furthercomprises: receiving, by the PML server, the PML information requestsent by the local server; and processing, by the PML server, thereceived PML information request, wherein said processing the PMLinformation request comprises: determining the article ID by decryptingthe at least one virtual ID through use of the key K; identifying, thearticle information based on the article ID; retrieving the identifiedarticle information from a database; and transmitting the articleinformation to the local server.
 32. The method of claim 31, wherein themethod further comprises: performing authentication between the localserver and the ONS proxy; and determining, by the PML server, that saidperforming authentication was successful, wherein said sending thearticle information by the PML server to the local server is responsiveto said determining by the PML server that said performingauthentication was successful.
 33. The method of claim 32, wherein saidperforming authentication comprises receiving a credential by the localserver based on a result of said performing authentication, wherein themethod further comprises receiving the credential by the PML server as aresult of transmission of the credential by the local server to the PMLserver, and wherein said determining by the PML server that saidperforming authentication was successful is based on content of thecredential received by the PML server.
 34. A computer program product,comprising at least one computer usable medium having computer readableprogram code embodied therein, said computer readable program codecomprising instructions configured to implement the method of claim 24.35. A computer system comprising a local server, wherein the localserver comprises a processor and at least one computer readable memoryunit coupled to the processor of the local server, said at least onecomputer readable memory unit of the local server containinginstructions that when executed by the processor of the local serverimplement a method for providing access to information on an article towhich a tag is coupled, said method comprising: reading, by the localserver, the tag, wherein the tag comprises at least one virtualidentifier (ID), wherein the at least one virtual ID comprises anencryption of at least one bit string, wherein the at least one bitstring includes an article ID that identifies the article, wherein thearticle ID includes a manufacturer ID pertaining to the article, andwherein the local server, an Object Naming Service (ONS) server, an ONSproxy server, and a Physical Markup Language (PML) server arecommunicatively coupled to each other via a network; after said readingthe at least one virtual ID, sending, by the local server to the ONSproxy server, an ONS service request that includes the at least onevirtual ID and requests a network address of the PML server, wherein theONS proxy server is configured to determine the article ID by decryptingthe at least one virtual ID, to extract the manufacturer ID from thearticle ID, and to transmit the manufacturer ID to the ONS server, andwherein the ONS server is configured to determine the network address ofthe PML server based on the manufacturer ID; after said sending the ONSservice request, receiving, by the local server from the ONS server, thenetwork address of the PML server; sending, by the local server to thePML server at the network address of the PML server received from theONS server, a PML information request that includes the virtual ID andrequests article information pertaining to the article, wherein the PMLserver is configured to determine the article ID by decrypting the atleast one virtual ID, to identify the article information based on thearticle ID, to retrieve the identified article information from adatabase, and to transmit the retrieved article information to the localserver; and after said sending the PML information request, receiving,by the local server from the PML server, the article information. 36.The computer system of claim 35, wherein the at least one bit stringincludes at least one random number distributed within the article ID.37. The computer system of claim 36, wherein the at least one virtual IDconsists of a first virtual ID, wherein the at least one bit stringconsists of a first bit string (Z), wherein the first virtual ID is anencryption of the first bit string, wherein the at least one randomnumber consists of a first random number (R), wherein F(R) denotes ahash of R, wherein RID denotes the articles ID, wherein X denotes anexclusive OR between RID and F(R), wherein G(X) denotes a hash of X,wherein Y denotes an exclusive OR between R and G(X), and wherein Z is Xand Y joined together.
 38. The computer system of claim 36, wherein theat least one virtual ID consists of a first virtual ID and a secondvirtual ID, wherein the at least one bit string consists of a first bitstring and a second bit string, wherein the first virtual ID is anencryption of the first bit string, wherein the second virtual ID is anencryption of the second bit string, wherein the at least one randomnumber consists of a first random number and a second random number,wherein the article ID consists of the manufacturer ID, a product ID,and a serial number ID, wherein the first bit string consists of thefirst random number distributed within one part of the article IDconsisting of the manufacturer ID and the product ID, and wherein thesecond bit string consists of the second random number distributedwithin the serial number ID.
 39. The computer system of claim 35,wherein the tag further comprises a version number indicating that thetag comprises the at least one virtual ID, and wherein the methodfurther comprises: sending, by the local server to the ONS server aftersaid reading the at least one virtual ID, an ONS proxy address requestthat includes the at least one virtual ID and the version number andrequests an Internet Protocol (IP) address of the ONS proxy server; andafter said sending the ONS proxy address request and before said sendingthe ONS service request, receiving, by the local server from the ONSserver, the IP address of the ONS proxy server, wherein said sending theONS service request comprises sending the ONS service request to the ONSproxy server at the received IP address of the ONS proxy server.
 40. Thecomputer system of claim 35, wherein the computer system furthercomprises the ONS proxy server, wherein the ONS proxy server comprises aprocessor and at least one computer readable memory unit coupled to theprocessor of the ONS proxy server, said at least one computer readablememory unit of the ONS proxy server containing instructions that whenexecuted by the processor of the ONS proxy server further implement themethod, and wherein the method further comprises: receiving, by ONSproxy server, the ONS service request sent by the local server; andprocessing, by the ONS proxy server, the received ONS service request,wherein said processing the ONS service request comprises: determiningthe article ID by decrypting the at least one virtual ID through use ofa key K; extracting the manufacturer ID from the article ID; andtransmitting the manufacturer ID to the ONS server.
 41. The computersystem of claim 40, wherein the computer system further comprises theONS server, wherein the ONS server comprises a processor and at leastone computer readable memory unit coupled to the processor of the ONSserver, said at least one computer readable memory unit of the ONSserver containing instructions that when executed by the processor ofthe ONS server further implement the method, and wherein the methodfurther comprises: receiving, by the ONS server, the manufacturer IDtransmitted by the ONS proxy server; and determining by the ONS server,the network address of the PML server based on the manufacturer ID. 42.The computer system of claim 41, wherein the computer system furthercomprises the PML server, wherein the PML server comprises a processorand at least one computer readable memory unit coupled to the processorof the PML server, said at least one computer readable memory unit ofthe PML server containing instructions that when executed by theprocessor of the PML server further implement the method, and whereinthe method further comprises: receiving, by the PML server, the PMLinformation request sent by the local server; and processing, by the PMLserver, the received PML information request, wherein said processingthe PML information request comprises: determining the article ID bydecrypting the at least one virtual ID through use of the key K;identifying, the article information based on the article ID; retrievingthe identified article information from a database; and transmitting thearticle information to the local server.
 43. The computer system ofclaim 42, wherein the method further comprises: performingauthentication between the local server and the ONS proxy; anddetermining, by the PML server, that said performing authentication wassuccessful, wherein said sending the article information by the PMLserver to the local server is responsive to said determining by the PMLserver that said performing authentication was successful.
 44. Thecomputer system of claim 43, wherein said performing authenticationcomprises receiving a credential by the local server based on a resultof said performing authentication, wherein the method further comprisesreceiving the credential by the PML server as a result of transmissionof the credential by the local server to the PML server, and whereinsaid determining by the PML server that said performing authenticationwas successful is based on content of the credential received by the PMLserver.